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DETAILED ACTION 
Claim Objections 

1 . Claims 1 , 9 and 1 7 are objected to because of tine following informalities: 

2. The newly introduced phrase: "input classification parameters" is unclear 
because the Examiner is not certain what the "classification parameters" represent. The 
Applicant does not disclose this element in any of the independent claims prior to the 
last step. For the purposes of the examiner, the Examiner interprets "classification 
parameters" to be equivalent to the response from the database including requested 
data that has been authorized to being access by the Security Gate. 

3. Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this 
title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a 
whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner In which the Invention was made. 

2. Claim 1-4. 7, 9-12. 15. 17-20 and 23 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over McNabb et al (US Patent No. 6289462) In view of Hue et 
al (US Publication No. 2002/0126845). 

As to claims 1. 9 and 17. McNabb discloses a data processing system 
comprising a database (Figure 9, element 51 0), the database comprising classified 
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table elements (column 18, lines 56-58), the data processing system coupled to a 
classification engine (Figure 9, element 504) adapted to provide indicators of approval 
or non approval to permit (column14, lines 19-26), for a request associated with a 
requestor (column14, lines 19-26), access to contents of the classified table elements 
(column 8, lines 41-45), a method for retrieving data from the classified table elements 
(column 18, lines 52-58), the method comprising the steps of: receiving the request 
(Figure 9, element 502) at the database (Figure 9, element 510, wherein granted 
requests will be forwarded to the database so that the desired data can be uploaded by 
the requesting party), from the requestor (Figure 9, element 500), to access the 
contents of the classified table elements (column 8, lines 11-15); for each classified 
table element, the database (510) asking the classification engine (504) to provide an 
indication of whether the requestor associated with the request is to be permitted 
access to the contents of the respective classified table element (if request is forwarded 
to the database. It means that the access was granted, the database requires confirmed 
request in order to provide the access to the data, i.e. the database is asking for the 
identification information); and accessing the contents of each classified engine, the 
approval indicators indicating that the requestor is permitted to access the contents of 
the respective classified table element (column 14, lines 56-67, and column 15, lines 1- 
28); wherein the asking step comprises sending, by the database (Figure 9, element 
510), arguments to input classification parameters (Figure 9, reply (SL2), wherein when 
a request (SL2) is issued to the database, the database replies (i.e. SL2)), furthermore, 
due to confusion over the phrase "classification parameters" as described above, the 
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Examiner assumes tliat tine reply comprising data requested by a user can be 
equivalent to classification parameters (i.e. returned data has been classified)) to the 
classification engine (Figure 9, element 504) coupled to the data processing system 
(Figure 9, element 510). McNabb does not explicitly teach the data processing system 
being external to a classification engine, however Hue teaches a system performing 
wireless transaction wherein the authentication module (security gate) is external to a 
database (paragraph 57). It would have been obvious to one of the ordinary skill in the 
art during the time the invention was made to have external authentication unit, as 
taught by Hue, in McNabb's information system, because it is a matter of a design 
choice if a database and authentication software reside on a single server or plural 
servers. The design is usually determined by the available hardware (cost) and the 
amount of the databases holding classified data (i.e. if there are plural databases it 
might be more beneficial to share one classification unit, so in this case it should be a 
separate device). 

As to claims 2, 10 and 18 . McNabb discloses the method comprising the steps 
of: providing to the requestor, access to the contents of each classified table element for 
which an approval indicator is received; and, denying, to the requestor, access to the 
contents of each classified table element for which a non-approval indicator is received 
from the classification engine, the non-approval indicator indicating that the requestor is 
not permitted to access the contents of the respective classified table element (column 
14, lines 49-67,and column 15, lines 1-28). 
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As to claims 3. 11 and 19 . McNabb discloses the method wherein: the classified 
table elements are included in a classified table contained in the database (column 18, 
lines 52-58); each classified table element is associated with a respective classification 
label (column 14, lines 49-54); and the classification engine (Figure 9, element 504) 
uses the classification label for each classified table element and a classification 
associated with the requestor in determining whether to provide the approval indicator 
and whether to provide the non-approval indicator for the respective classified table 
element (column 14, lines 19-26). 

As to claims 4, 12 and 20 . McNabb discloses the method wherein the classified 
table element is a classified table row (column 18, lines 55-58). 

As to claims 7. 15 and 23 . McNabb discloses the method wherein in the asking 
step, the classification engine (Figure 9, element 504) is invoked through at least one 
processing exit (Figure 9, element 502) in the data processing system (Figure 9, 
element 500). 

3. Claims 5, 6, 13, 14, 21 and 22 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over McNabb et al (US Patent 6289462) in the view of Hue et al (US 
Publication No. 2002/0126845) and further in view of Tashenberq (US Publication 
2001/0034711) . 

As to claims 5. 13 and 21. McNabb teaches the method further comprising the 
executable instructions comprising added instructions for invoking the classification 
engine such that for each row of the classified table (column 18, lines 56-58), 
arguments for at least one classification parameter are passed to the classification 
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engine (Figure 9, element 504) for use in generating one of the approval indicator and 
non-approval indicator for the respective row (column 14, lines 19-26 and lines 49-54), 
where the arguments comprise both data stored in one or more classification columns 
of the table (i.e. data that is about to be accessed) and data used to determine the 
classification associated with the requestor (column 14, lines 19-26, i.e. SL (sensitivity 
label)). Neither McNabb nor Hue explicitlv teaches that the original request is compiled 
into executable instructions. Tashenberg teaches a network system wherein request is 
converted into machine executable instructions (paragraph 92). It would have been 
obvious to one of the ordinary skill in the art during the time the invention was made to 
compile the request into machine executable instruction as taught by Tashenberg, and 
use this in McNabb's secure computer operating system, because compiling the 
massages or requests into computer readable instruction is commonly known and used. 
Furthermore compiling step is essential in the system operation because the interface 
that allows the user to request access to certain data is in a human friendly readable 
form, not in a computer language (binary code), and therefore it needs to be converted 
to allow computer to process the instructions. 

As to claims 6, 14 and 22. McNabb discloses the method wherein the 
classification engine (Figure 9, element 504) is adapted to generate the indicators 
(column 14, lines 19-26, i.e. SL) using a classification level derived from data stored in 
the at least one classification column of each respective row (column 18, lines 52-58) in 
accordance with a column mapping schema (i.e. the information about the access are 
derived from the ID and many other criteria. Figure 10). 
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4. Claims 8, 16 and 24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over McNabb et al (US Patent 6289462) in the view of Hue et a! (US 
Publication No. 2002/0126845) and further in view of Hepworth et a! (US 
Publication 2006/0032920). McNabb teaches all the limitations disclosed in claims 1,9 
and 17 respectively, further he also teaches checking for each classified table element, 
whether decision contains one of an approval indicator and non-approval Indicator 
associated therewith, and wherein the asking step is performed only when neither 
indicator is contained in the decision unit (Figure 9, element 504; since McNabb does 
not teach processing multiple requests from the same user at one point of time, It also 
Indicates that when one request is processed, the asking step is held). McNabb does 
not teach explicitly that the decision about access approval is contained in cache. 
Hepworth teaches the system wherein authorization information is stored in a local 
cache. It would have been obvious to one of the ordinary skill In the art during the time 
the Invention was made to store the approval status temporarily in cache memory as 
taught by Hepworth, in McNabb's access security system, because it is well known in 
the art, that temporary information such as approval are stored for short period of time 
In cache or RAM because usually there is no need to store the authentication data on 
the hard disk. Furthermore In order to complete the transaction the response has to be 
placed In the memory that allows fast process between the requesting and processing 
units. 
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Response to Arguments 

5. Applicant's arguments filed December 28, 2007 have been fully considered but 
they are not persuasive. 

6. With respect to the Applicant's assertion on page 12, wherein the Applicant 
submits that McNabb clearly discloses that requests that are processed at the web 
server that needs access to information in secured partitions are handled by the 
Security Gate (504) and not directly by the database as required by the claim", while the 
Examiner agrees with the Applicant that in McNabb's reference, the request for the 
authorization is not directly received at the database from the client device, it appears 
however that the claimed limitations also do not require the reception of the request 
directly at the database in order to determine if the request should be granted or not. 
The claim recites "receiving the request at the database, from the requestor, to access 
contents however this citation does not necessarily indicate that the database and 
requestor are directly connected. 

7. Furthermore on page 1 3, the Applicant asserts "Nowhere does McNabb disclose 
that the database asks the security gate for identification information. Applicant further 
notes that amended claim 1 defines the "asking step" as "sending the request by the 
database to the classification engine coupled to the data processing system", the 
Examiner disagrees. First of all, the Examiner would like to note that newly added 
limitation does not define "asking step", instead it disclosed one activity being a part of 
asking step. In other words "asking step" may require few actions to take place, and the 
newly amended portion lists an activity being one of them. Furthermore, the Examiner 
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would like to note that the newly introducecl limitation has been objected to (see Claim 
Objections above for more details). Second of all, as shown in figure 9, that database 
(510) is connected to Security gate (504) by two paths "request" and "replies". Since the 
database awaits data being propagated from Security Gate, it can be considered in the 
broad sense that the database "asks" (i.e. seeks information). Consequently, the 
Examiner maintains that the "asking step" is neither defined (please note that this 
excludes examples) in the claim, nor the specification, hence the Examiner allotted the 
broadest reasonable interpretation to this phrase. 

8. On the following page 14, the Applicant asserts "although the forwarding of a 
request to the database may mean that access was granted, this does not mean that 
the database asked the security gate to provide an indication of whether the requestor 
associated with the request is to be permitted access to the contents of the alleged 
respective classified table element in database 510, as required by the claims", the 
Examiner disagrees. Similarly to the explanation provided above term "asking" could 
just simply imply that the database is seeking information about access, and as shown 
in figure 9, the link between the Security Gate and the Database exists at all time so 
that those two modules can communicate. Furthermore, it is important to note that in 
figure 4 it is clearly shown that all of the files (201) correspond to a certain access rights 
(200), so when database gathers confirmed SL levels from the Security Gate, then it 
can be decided if a certain file with the given permission rights can access particular file. 
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The Prior Art 

9. The prior art made of record and not relied upon is considered pertinent to 

applicant's disclosure. 

Zotto et al (US Publication 2004/0009815) disclose a managing access 
to content wherein the access to individual pieces of information is 
controlled. 

Larsen (US Publication 2005/0055581 ) discloses a process-based 
security comprising access rights look-up table. 



Conclusion 

10. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

11. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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Inquiry 

1 2. Any inquiry concerning this communication or earlier communications from tine 
examiner sliould be directed to Angela M. Lie whose telephone number is 571-272- 
8445. The examiner can normally be reached on M-F. 

1 3. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Don Wong can be reached on 571-272-1834. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

14. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Angela M Lie/ 
Examiner, Art Unit 2163 

/don wong/ 

Supervisory Patent Examiner, Art Unit 2163 



